amdhim0004
Contributor

Dual ISP fail-over is not working; found some strange behaviour

Hello All,

Issue - Failover is not working in a dual ISP setup.

Issue Description - We have the attached setup in our environment, and while trying to fail over to the secondary ISP we observed that old connections are still trying to exit via the primary (down) ISP, and in debug I am getting interface inactive.

What I observed is that if we reset the connection from the user end, or the connection gets cleared from the connection table, then it will go via the secondary ISP.

The thing is, this behaviour looks OK with HTTP/HTTPS traffic.

But IPsec and GRE traffic is causing a major issue.

We have 2 different routers behind the firewall trying to communicate with the internet using IPsec and GRE, and we have a probing mechanism enabled. So when the primary ISP goes down, this traffic is still trying to go out via the primary ISP and, due to probing, the connection table on the firewall gets automatically refreshed.

 

Logs after failover was done to the secondary ISP:

++

;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=47 65.**.**.123:0 -> 165.**.**.12:2048 dropped by misp_rt_chain Reason: Interface is inactive;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=47 65.**.**.123:0 -> 165.**.**.12:2048 dropped by misp_rt_chain Reason: Interface is inactive;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=47 65.**.**.123:0 -> 165.**.**.12:2048 dropped by misp_rt_chain Reason: Interface is inactive;

++

DUal ISP.png

0 Kudos
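
A small parser for the drop lines quoted in the post above, added here as an example and not part of the original thread: it counts, per protocol and flow, the packets dropped by misp_rt_chain with reason "Interface is inactive", so the flows still pinned to the down ISP stand out. The sample lines and addresses are constructed, and the function name is hypothetical.

```python
import re
from collections import Counter

# Layout of the drop lines quoted in the post; addresses may be masked with '*'.
DROP_RE = re.compile(
    r"fw_log_drop_ex: Packet proto=(?P<proto>\d+) "
    r"(?P<src>[\d.*]+):(?P<sport>\d+) -> (?P<dst>[\d.*]+):(?P<dport>\d+) "
    r"dropped by (?P<chain>\S+) Reason: (?P<reason>[^;]+);"
)

# IANA protocol numbers relevant to the tunnels discussed in the thread.
PROTO_NAMES = {6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP"}


def inactive_isp_drops(lines):
    """Count flows dropped by misp_rt_chain because the interface is inactive."""
    flows = Counter()
    for line in lines:
        m = DROP_RE.search(line)
        if not m:
            continue  # truncated or unrelated line
        if m["chain"] != "misp_rt_chain":
            continue
        if m["reason"].strip() != "Interface is inactive":
            continue
        proto = int(m["proto"])
        flows[(PROTO_NAMES.get(proto, str(proto)), m["src"], m["dst"])] += 1
    return flows


# Constructed sample (documentation addresses), same layout as the post's lines.
PREFIX = ";[cpu_1];[fw4_0];fw_log_drop_ex: Packet "
INACTIVE = " dropped by misp_rt_chain Reason: Interface is inactive;"
SAMPLE = [
    PREFIX + "proto=47 192.0.2.123:0 -> 198.51.100.12:2048" + INACTIVE,
    PREFIX + "proto=47 192.0.2.123:0 -> 198.51.100.12:2048" + INACTIVE,
    PREFIX + "proto=17 192.0.2.124:500 -> 198.51.100.12:500" + INACTIVE,
    # Constructed line with a made-up chain and reason: must be ignored.
    PREFIX + "proto=6 192.0.2.50:40000 -> 198.51.100.80:443"
    " dropped by example_chain Reason: Example other reason;",
    # Line cut off before "dropped by": must be skipped, not miscounted.
    PREFIX + "proto=47 192.0.2.123:0 -> 198.51.100.12:2048",
]

if __name__ == "__main__":
    for (proto, src, dst), n in inactive_isp_drops(SAMPLE).most_common():
        print(f"{n:3d}  {proto:4s} {src} -> {dst}")
```
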
2 Replies
vijayakumar_M
Explorer

Hi Amdhim0004 

I am getting the same issue too. Did you get a solution for this?

Please assist me to solve this.

Thanks

Rajkumar T

0 Kudos
amdhim0004
Contributor

Need to add one route for monitoring from the secondary ISP.

Set the next hop as the secondary ISP gateway IP address.

 

Thanks 

Amandeep

0 Kudos
